WHAT BOARD MATERIAL DOES THE BOARD NEED FROM MANAGEMENT TO GOVERN DIGITAL TRANSFORMATIONS AND INNOVATION?

IBoards have a vital responsibility to manage risk within a company, but to do so, they require insightful and timely information. This is particularly true when it comes to technology innovation. The question is, what types of information should management share with the board in this area? This proposal identifies two fundamental reporting needs based on current legal and regulatory statues and guidance and suggests ways to present the information in a more effective manner.

First, it is crucial for every director to be acutely aware of a company's cybersecurity strategies, budgets, and talent. In light of the guidance given in XXXXXXX and XXXXXX, it is clear that the government is placing more accountability at the board level to ensure the faithful execution of improved cybersecurity risk and notification processes.

To fulfill this need, directors should have access to audit reports, penetration tests, and PCI compliance reviews on a regular basis. These reports should be jargon-free and focus on the key exposures, the level of business disruption, and the steps, including budget, needed to rectify any issues. These insights should be provided annually and offer guidance on best practices regarding cybersecurity. Best practices should not only address technology topics but also talent, process, and cultural challenges that need to be addressed.

Given the frequency of these reviews, a cybersecurity review should be conducted with the board annually. Approved cybersecurity initiatives that are important to the board should be reviewed at each board meeting, and guidance and support provided where necessary.

Second, technology is rapidly changing industries and creating new competitors every day, which means that boards need to understand management's technology and innovation strategy. They must understand the approach to technology strategy and innovation to perform their due diligence, challenge assumptions, and, when satisfied, support the initiatives.

While road maps displaying technology initiatives and their status are important, they are not enough. Boards must also understand how individual technology or innovative initiatives impact customer experience, product innovation, or operational efficiency. This insight is needed so that board directors, who are typically steeped in business strategy and competitive models, can ensure a prudent and well-considered course for the organization. Once understood, a portfolio approach to investment is required to balance short-term and long-term tradeoffs in alignment with the company's operations and strategy.

By providing this information, boards can make informed decisions that not only manage risk but also promote growth and innovation within the organization. Directors can ensure that cybersecurity risks are being properly managed, and that management is making prudent technology investments that align with the company's vision and strategy.

In summary, effective technology reporting to the board involves providing regular updates on cybersecurity strategies, budgets, and talent, as well as understanding management's technology and innovation strategy, the impact on the customer experience, product innovation, and operational efficiency. With this information, the board can make informed decisions that manage risk and promote growth and innovation within the organization.

Recent Articles

Popular Articles